States Increase HIPAA Enforcement

A recent blog post summarized Health Insurance Portability and Accountability Act (“HIPAA”) enforcement settlements for Virtual Medical Group (“VMG”) in New Jersey and EmblemHealth in New York that may signal a broader trend of increased state HIPAA enforcement. Under the Health Information Technology for Economic and Clinical Health (“HITECH”) Act’s amendment to HIPAA, codified at 42 U.S.C. § 1320d-5(d), state attorney generals have authority to bring civil actions in federal district court to enforce HIPAA when the interests of state citizens have been affected. Although states also have authority to bring civil actions under state law Unfair and Deceptive Acts (“UDAP”) laws, their additional authority under HIPAA provides an independent vehicle to enforce data privacy and cybersecurity practices. This increased enforcement trend provides yet another reason that health care entities subject to HIPAA need to ensure they have taken steps to ensure HIPAA compliance. For more detailed information, please read the Security and Privacy blog post.

ABOUT THE Squire Patton Boggs Healthcare Blog

The Triage Health Law Blog aims to foster a broader discussion about the rapidly evolving healthcare industry. Triage provides insightful commentary on a wide range of legal and policy issues impacting the health care sector, including the challenges and opportunities related to recent government action, privacy and cybersecurity concerns, litigation trends and developments, and other regulatory issues. READ MORE